450 Client host rejected: cannot find your hostname

[ljramos]

Can someone explain me this?

[root@dedicated ~]# dig -t mx cntit.com

; <<>> DiG 9.3.1 <<>> -t mx cntit.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23617
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;cntit.com. IN MX

;; ANSWER SECTION:
cntit.com. 3600 IN MX 10 dedicated.cntit.com.

;; AUTHORITY SECTION:
cntit.com. 3600 IN NS ns5.secureserver.net.
cntit.com. 3600 IN NS ns6.secureserver.net.

;; ADDITIONAL SECTION:
dedicated.cntit.com. 3600 IN A 207.234.224.95

;; Query time: 68 msec
;; SERVER: 208.109.78.180#53(208.109.78.180)
;; WHEN: Wed Aug 15 13:41:27 2007
;; MSG SIZE rcvd: 121
------------
[root@dedicated ~]# dig -t any cntit.com

; <<>> DiG 9.3.1 <<>> -t any cntit.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27115
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;cntit.com. IN ANY

;; ANSWER SECTION:
cntit.com. 86400 IN SOA NS5.SECURESERVER.NET. dns.jomax.net. 2007073000 28800 7200 604800 86400
cntit.com. 3600 IN A 207.234.224.95
cntit.com. 3600 IN MX 10 dedicated.cntit.com.
cntit.com. 3600 IN NS ns5.secureserver.net.
cntit.com. 3600 IN NS ns6.secureserver.net.
cntit.com. 3600 IN TXT "v=spf1 a:dedicated.cntit.com ~all"

;; ADDITIONAL SECTION:
dedicated.cntit.com. 3600 IN A 207.234.224.95

;; Query time: 68 msec
;; SERVER: 208.109.78.180#53(208.109.78.180)
;; WHEN: Wed Aug 15 13:41:51 2007
;; MSG SIZE rcvd: 249
----snip----

[root@dedicated ~]# su - zimbra -c 'zmlocalconfig' | grep host
ldap_host = dedicated.cntit.com
logger_mysql_bind_address = localhost
mysql_bind_address = localhost
snmp_trap_host = dedicated.cntit.com
zimbra_server_hostname = dedicated.cntit.com
zimbra_zmprov_default_soap_server = localhost
------snip----

[root@dedicated ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
207.234.224.95 dedicated.cntit.com dedicated
-----snip----
[root@dedicated ~]# cat /etc/resolv.conf
nameserver 208.109.78.180
nameserver 216.219.239.7
nameserver 216.219.239.8
nameserver 208.109.80.75
----snip----

Yesterday all fine
Today morning all fine
Now 12:00 pm EST
Now email comes in no email comes out.

Internal emails are flowing normal.


Do I have something wrong?
An I doing something wrong?

I have check every where here and wiki

I have disable DNS lookup

Who is rejecting, (450) my zimbra server or the destination/sender server?

[mmorse]

how about enable dns lookups? (recheck that box in the global settings>mta tab)

450-is a soft reject usually releated to PTR in-addr.arpa (reverse DNS) records
-from the other side might mean they are trying to run SMTP VRFY...
-from your side turn off reject_unknown_client & hostname (uncheck those boxes in the global settings>mta tab)

[ljramos]

This is a test email sent from dnsstuff.com
---snip---
Aug 15 15:32:07 dedicated postfix/smtpd[11522]: NOQUEUE: reject: RCPT from unknown[74.53.59.133]: 450 Client host rejected: cannot find your hostname, [74.53.59.133]; from= to= proto=SMTP helo=
---snip---

I have called my ISP to fix the PTR netry to reflect the FQDN? HOw long will it take to reflect the RDNS correctly?

[mmorse]

Well as long as it takes to propagate to the servers that the other end are checking against...
However, PTR records are not 100% required, so I find it odd that all of a sudden everyone your emailing is doing reverse dns checks against you.

(You never said if you checked the enabled dns lookups box & unchecked reject_unknown_client.)

What's your output of 'dig dedicated.cntit.com' or 'dig any dedicated.cntit.com' etc?

[ljramos]

mmorse ....
Well it is the other way around. Most of the incoming emails are being flag 450 due to RDNS failure.
for example
EHLO is
but the RDNS is reject: RCPT from relay1-bna.webmd.com[204.250.122.30]

Is there something I can do to minimize this legitimate email to be flag as 450

[mmorse]

Cleaning out my unreplied folder...
Ok so you fixed the outgoing issue? How about your incoming issue?

Outgoing-In the first post you said:

email comes in no email comes out.

Enable DNS lookups. (And fix your own PTR entry; not always needed but it cuts down as being called a spammer.)

Incoming-Then it changed to:

reject: RCPT from unknown[74.53.59.133]: 450 Client host rejected: cannot find your hostname, [74.53.59.133]

&

Most of the incoming emails are being flag 450 due to RDNS failure.

Turn off reject_unknown_client; which rejects the request when the client IP address has no PTR (address to name), or when the PTR record does not have a matching A record (name to address).
Turn off reject_unknown_hostname; which rejects the request when the hostname in the client HELO (EHLO) command has no DNS A or MX record.

[randall]

Is there something I can do to minimize this legitimate email to be flag as 450
Reply With Quote

mmorse is correct. You have to turn off that reject_unknow_client and reject_unknow_hostname.

There are alot of MX server there that is not properly configured for this and they get rejected if you have those flags on.

The reject_non_fqdn_hostname and reject_non_fqdn_sender will do, I believe.